A bug was found in pppd that allowed remote code execution as root

A vulnerability in the pppd package (CVE-2020-8597) has been publicly disclosed. It seriously affects some VPN services and DSL and Ethernet connections, because the bug allows code to be executed by sending specially crafted authentication requests to systems that use PPP (Point-to-Point Protocol) or PPPoE (PPP over Ethernet).

As mentioned, these protocols are commonly used by various providers to establish connections over Ethernet or DSL, and they are also used in some VPNs, for example pptpd and openfortivpn.

To test whether systems are affected by the problem, a prototype exploit was prepared, and it is already publicly available.

About the flaw

The vulnerability is caused by a buffer overflow in the implementation of the Extensible Authentication Protocol (EAP).

An additional logic flaw means the eap_input() function does not check whether EAP was negotiated during the Link Control Protocol (LCP) phase.

This allows an unauthenticated attacker to send an EAP packet even if ppp rejected the authentication negotiation because of missing EAP support or because of a mismatch in the pre-shared passphrase agreed in the LCP phase.

The vulnerable pppd code in eap_input will still go on to process the EAP packet and trigger the stack buffer overflow.

This unverified data of unknown size can be used to corrupt the memory of the target system. pppd often runs with high privileges (system or root) and works in conjunction with kernel drivers. This makes it possible for an attacker to execute arbitrary code with root or system-level privileges.

As a result, an attack can be carried out before authentication by sending a packet of type EAPT_MD5CHAP that includes a very long hostname which does not fit in the allocated buffer.

Because of a bug in the code that checks the size of the rhostname field, an attacker can overwrite data outside the buffer on the stack and achieve remote execution of their code with root privileges.
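The two checks described above (EAP must have been negotiated, and the peer name must fit the destination buffer), as an added example that is not pppd's own code. The names `link_state`, `parse_md5_challenge` and `PEER_NAME_MAX`, the 256-byte buffer size and the choice to reject rather than trim an oversized name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PEER_NAME_MAX 256   /* assumed buffer size, including the NUL */

enum parse_result { PARSE_OK, DROP_NOT_NEGOTIATED, DROP_MALFORMED,
                    DROP_NAME_TOO_LONG };

/* Hypothetical link state: set only when LCP actually agreed on EAP. */
struct link_state { int eap_negotiated; };

/*
 * Parse the type-data of an EAP MD5-Challenge: Value-Size (1 byte),
 * Value (Value-Size bytes), then the peer name filling the rest.
 * data/len cover only the type-data, exactly as received from the peer.
 */
enum parse_result parse_md5_challenge(const struct link_state *ls,
                                      const uint8_t *data, size_t len,
                                      char name[PEER_NAME_MAX])
{
    size_t vallen, namelen;

    /* Check 1: refuse EAP input unless EAP was negotiated during LCP. */
    if (!ls->eap_negotiated)
        return DROP_NOT_NEGOTIATED;

    if (len < 1)
        return DROP_MALFORMED;
    vallen = data[0];
    data++;
    len--;

    /* The challenge value must lie entirely inside the packet. */
    if (vallen == 0 || vallen > len)
        return DROP_MALFORMED;

    /* Check 2: compare the number of bytes that will actually be copied
     * (the name length) against the destination size, leaving room for
     * the terminating NUL. */
    namelen = len - vallen;
    if (namelen >= PEER_NAME_MAX)
        return DROP_NAME_TOO_LONG;

    memcpy(name, data + vallen, namelen);
    name[namelen] = '\0';
    return PARSE_OK;
}
```
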

The vulnerability shows up on both the server and the client side. That is, not only can a server be attacked, but so can a client that tries to connect to a server controlled by the attacker (for example, an attacker can first compromise a server through the vulnerability and then start attacking the clients that connect to it).

The vulnerability also affects the lwIP stack, but EAP support is not enabled in the default lwIP configuration.

Affected versions and solution

The bug affects pppd versions 2.4.2 through 2.4.8 inclusive and has been fixed in the form of a patch. As some of you will know, bugs are disclosed to the general public after they have been discovered and the problem has been fixed. And although this involves a long process, there is still the user's part, which is to apply the corresponding update.

The status of the fix can also be checked in the reports of the major Linux distributions.

This can be seen on these pages: Debian, Ubuntu, RHEL, Fedora, SUSE, OpenWRT, Arch, NetBSD.

On RHEL, OpenWRT and SUSE, the pppd package is compiled with "Stack Smashing Protection" enabled (the "-fstack-protector" mode in gcc), which limits exploitation to a crash.

In addition to the distributions, the vulnerability is confirmed in some products from Cisco (CallManager), TP-LINK and Synology (DiskStation Manager, VisualStation VS960HD and Router Manager) that use pppd or lwIP code.

The patch is therefore already available in the repositories of most Linux distributions, and some have already applied it by offering a package update.

If you want to know more about the bug that was found, you can check the details and further information at the following link.

